Eingang zum Volltext
Lizenz
Bitte beziehen Sie sich beim Zitieren dieses Dokumentes immer auf folgende
URN: urn:nbn:de:kobv:83-opus-30942
URL: http://opus.kobv.de/tuberlin/volltexte/2011/3094/
Tanveer, Mustafa ; Sohr, Karsten ; Dang, Duc-Hanh ; Drouineaud, Michael ; Kowski, Stefan
developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies.
While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In particular, today often only basic RBAC concepts have found their way into commercial RBAC products; specifically, authorization constraints are not widely supported. In this paper, we present an RBAC administration tool that can enforce certain kinds of role-based authorization constraints such as separation of duty constraints. The authorization constraint functionality is based upon the OCL validation tool USE. We also describe our practical experience that we gained on integrating OCL functionality into a prototype of an RBAC administration tool that shall be extended to a product in the future.
URN: urn:nbn:de:kobv:83-opus-30942
URL: http://opus.kobv.de/tuberlin/volltexte/2011/3094/
Tanveer, Mustafa ; Sohr, Karsten ; Dang, Duc-Hanh ; Drouineaud, Michael ; Kowski, Stefan
Implementing Advanced RBAC Administration Functionality with USE
| pdf-Format: |
|
Kurzfassung in Englisch
Role-based access control (RBAC) is a powerful means for laying out anddeveloping higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies.
While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In particular, today often only basic RBAC concepts have found their way into commercial RBAC products; specifically, authorization constraints are not widely supported. In this paper, we present an RBAC administration tool that can enforce certain kinds of role-based authorization constraints such as separation of duty constraints. The authorization constraint functionality is based upon the OCL validation tool USE. We also describe our practical experience that we gained on integrating OCL functionality into a prototype of an RBAC administration tool that shall be extended to a product in the future.
| Freie Schlagwörter (deutsch): | Authorization constraints, Object Constraint Language, Role-based access control | |
| Freie Schlagwörter (englisch): | Authorization constraints, Object Constraint Language, Role-based access control | |
| Collection | TU Berlin / Zeitschriften / Fakultät IV - Elektrotechnik und Informatik / Electronic Communications of the EASST- ECEASST / Volume 15 (2008): OCL Concepts and Tools 2008 | |
| Institut: | Institut für Softwaretechnik und Theoretische Informatik | |
| DDC-Sachgruppe: | Informatik | |
| Dokumentart: | Aufsatz | |
| Schriftenreihe: | Electronic Communications of the EASST- ECEASST | |
| Band Nummer: | 15/07 | |
| ISBN: | 1863-2122 | |
| Quelle: | http://journal.ub.tu-berlin.de/eceasst/article/view/177/ | |
| Sprache: | Englisch | |
| Erstellungsjahr: | 2008 | |
| Publikationsdatum: | 21.06.2011 | |
| Lizenz: | Standardlizenz: Typ CC by-nc-sa - Namensnennung erforderlich | Kommerziell nein | Weiterbearbeitung nur unter gleichen Bedingungen erlaubt | PoD ja |
